WordPress Plugin Vulnerabilities

WP Image Zoom <= 1.23 - Cross-Site Request Forgery (CSRF)

Description

The WP Image Zoom WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
wp-image-zoooom
Fixed in 1.24

References

URL
https://advisories.dxw.com/advisories/wp-image-zoom-dos/
URL
https://seclists.org/fulldisclosure/2018/Apr/23

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Submitter
Ryan
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
38939de8-bd3b-4014-bd3a-578e49342f26

Timeline

Publicly Published
2018-03-29 (about 8 years ago)
Added
2018-04-12 (about 8 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-04-12
Title
Libsyn Publisher Hub <= 1.4.4 - Cross-Site Request Forgery
Published
2019-10-14
Title
WordPress <= 5.2.3 - Admin Referrer Validation
Published
2025-01-16
Title
Apply with LinkedIn buttons <= 2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-04-24
Title
Loan Calculator <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-02-18
Title
DeBounce Email Validator < 5.8.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting